From b750101eb236130cf056c675997decbac904cc49 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:35:18 +0200 Subject: Adding upstream version 252.22. Signed-off-by: Daniel Baumann --- .../exec-protectkernelmodules-no-capabilities.service | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 test/test-execute/exec-protectkernelmodules-no-capabilities.service (limited to 'test/test-execute/exec-protectkernelmodules-no-capabilities.service') diff --git a/test/test-execute/exec-protectkernelmodules-no-capabilities.service b/test/test-execute/exec-protectkernelmodules-no-capabilities.service new file mode 100644 index 0000000..7236af2 --- /dev/null +++ b/test/test-execute/exec-protectkernelmodules-no-capabilities.service @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +[Unit] +Description=Test CAP_SYS_MODULE ProtectKernelModules=no + +[Service] +ProtectKernelModules=no +# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output +ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module' +Type=oneshot -- cgit v1.2.3